From c3094e1f80948dc80db04111509470eb1e3a7fbc Mon Sep 17 00:00:00 2001 From: JM Faircloth Date: Mon, 26 Jun 2023 15:30:14 -0500 Subject: [PATCH] test v2.6.0 json string multiline --- .github/workflows/build.yml | 261 ++++++++++++++++-------------- .github/workflows/local-test.yaml | 91 +++++++++-- integrationTests/e2e/setup.js | 44 +++++ src/action.js | 3 +- src/secrets.js | 6 +- 5 files changed, 268 insertions(+), 137 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e848780..2dc1a4e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -144,148 +144,167 @@ jobs: VAULT_HOST: localhost VAULT_PORT: 8200 - - name: Test Vault Action (default KV V2) - uses: ./ - id: kv-secrets - with: - url: http://localhost:8200 - token: testtoken - secrets: | - secret/data/test secret ; - secret/data/test secret | NAMED_SECRET ; - secret/data/nested/test otherSecret ; - - - name: Test Vault Action (default KV V1) + - name: Import Secrets + id: import-secrets uses: ./ with: url: http://localhost:8200 token: testtoken secrets: | - my-secret/test altSecret ; - my-secret/test altSecret | NAMED_ALTSECRET ; - my-secret/nested/test otherAltSecret ; + secret/data/test-json-string-multiline jsonStringMultiline; - - name: Test Vault Action (cubbyhole) - uses: ./ - with: - url: http://localhost:8200 - token: testtoken - secrets: | - /cubbyhole/test foo ; - /cubbyhole/test zip | NAMED_CUBBYSECRET ; + - name: Check Secrets + run: | + echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json - - name: Verify Vault Action Outputs - run: npm run test:integration:e2e - env: - OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} + - name: Check json file format + run: | + echo "multiline:" + cat multiline.json + jq -c . 
< multiline.json + + # - name: Test Vault Action (default KV V2) + # uses: ./ + # id: kv-secrets + # with: + # url: http://localhost:8200 + # token: testtoken + # secrets: | + # secret/data/test secret ; + # secret/data/test secret | NAMED_SECRET ; + # secret/data/nested/test otherSecret ; + + # - name: Test Vault Action (default KV V1) + # uses: ./ + # with: + # url: http://localhost:8200 + # token: testtoken + # secrets: | + # my-secret/test altSecret ; + # my-secret/test altSecret | NAMED_ALTSECRET ; + # my-secret/nested/test otherAltSecret ; + + # - name: Test Vault Action (cubbyhole) + # uses: ./ + # with: + # url: http://localhost:8200 + # token: testtoken + # secrets: | + # /cubbyhole/test foo ; + # /cubbyhole/test zip | NAMED_CUBBYSECRET ; + + # - name: Verify Vault Action Outputs + # run: npm run test:integration:e2e + # env: + # OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} - - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2) - uses: ./ - with: - url: http://localhost:8200/ - token: testtoken - secrets: | - secret/data/test secret | SUBSEQUENT_TEST_SECRET; - - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) - uses: ./ - with: - url: http://localhost:8200/ - token: testtoken - secrets: | - secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; + # - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2) + # uses: ./ + # with: + # url: http://localhost:8200/ + # token: testtoken + # secrets: | + # secret/data/test secret | SUBSEQUENT_TEST_SECRET; + # - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) + # uses: ./ + # with: + # url: http://localhost:8200/ + # token: testtoken + # secrets: | + # secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET; - e2e-tls: - runs-on: ubuntu-latest + # e2e-tls: + # runs-on: ubuntu-latest - steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - ref: ${{ 
github.ref }} + # steps: + # - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + # with: + # ref: ${{ github.ref }} - - name: Run docker-compose - run: docker-compose up -d vault-tls + # - name: Run docker-compose + # run: docker-compose up -d vault-tls - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version: '16.14.0' + # - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 + # with: + # node-version: '16.14.0' - - name: Setup NPM Cache - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- + # - name: Setup NPM Cache + # uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + # with: + # path: ~/.npm + # key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + # restore-keys: | + # ${{ runner.os }}-node- - - name: NPM Install - run: npm ci + # - name: NPM Install + # run: npm ci - - name: NPM Build - run: npm run build + # - name: NPM Build + # run: npm run build - - name: Setup Vault - run: node ./integrationTests/e2e-tls/setup.js - env: - VAULT_HOST: localhost - VAULT_PORT: 8200 - VAULTCA: ${{ secrets.VAULTCA }} - VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }} - VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }} + # - name: Setup Vault + # run: node ./integrationTests/e2e-tls/setup.js + # env: + # VAULT_HOST: localhost + # VAULT_PORT: 8200 + # VAULTCA: ${{ secrets.VAULTCA }} + # VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }} + # VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }} - - name: Test Vault Action (default KV V2) - uses: ./ - id: kv-secrets - with: - url: https://localhost:8200 - token: ${{ env.VAULT_TOKEN }} - caCertificate: ${{ secrets.VAULTCA }} - clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} - clientKey: ${{ secrets.VAULT_CLIENT_KEY }} - secrets: | - 
secret/data/test secret ; - secret/data/test secret | NAMED_SECRET ; - secret/data/nested/test otherSecret ; + # - name: Test Vault Action (default KV V2) + # uses: ./ + # id: kv-secrets + # with: + # url: https://localhost:8200 + # token: ${{ env.VAULT_TOKEN }} + # caCertificate: ${{ secrets.VAULTCA }} + # clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} + # clientKey: ${{ secrets.VAULT_CLIENT_KEY }} + # secrets: | + # secret/data/test secret ; + # secret/data/test secret | NAMED_SECRET ; + # secret/data/nested/test otherSecret ; - - name: Test Vault Action (tlsSkipVerify) - uses: ./ - with: - url: https://localhost:8200 - token: ${{ env.VAULT_TOKEN }} - tlsSkipVerify: true - clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} - clientKey: ${{ secrets.VAULT_CLIENT_KEY }} - secrets: | - secret/data/tlsSkipVerify skip ; + # - name: Test Vault Action (tlsSkipVerify) + # uses: ./ + # with: + # url: https://localhost:8200 + # token: ${{ env.VAULT_TOKEN }} + # tlsSkipVerify: true + # clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} + # clientKey: ${{ secrets.VAULT_CLIENT_KEY }} + # secrets: | + # secret/data/tlsSkipVerify skip ; - - name: Test Vault Action (default KV V1) - uses: ./ - with: - url: https://localhost:8200 - token: ${{ env.VAULT_TOKEN }} - caCertificate: ${{ secrets.VAULTCA }} - clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} - clientKey: ${{ secrets.VAULT_CLIENT_KEY }} - secrets: | - my-secret/test altSecret ; - my-secret/test altSecret | NAMED_ALTSECRET ; - my-secret/nested/test otherAltSecret ; + # - name: Test Vault Action (default KV V1) + # uses: ./ + # with: + # url: https://localhost:8200 + # token: ${{ env.VAULT_TOKEN }} + # caCertificate: ${{ secrets.VAULTCA }} + # clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} + # clientKey: ${{ secrets.VAULT_CLIENT_KEY }} + # secrets: | + # my-secret/test altSecret ; + # my-secret/test altSecret | NAMED_ALTSECRET ; + # my-secret/nested/test otherAltSecret ; - - name: Test Vault Action (cubbyhole) 
- uses: ./ - with: - url: https://localhost:8200 - token: ${{ env.VAULT_TOKEN }} - secrets: | - /cubbyhole/test foo ; - /cubbyhole/test zip | NAMED_CUBBYSECRET ; - caCertificate: ${{ secrets.VAULTCA }} - clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} - clientKey: ${{ secrets.VAULT_CLIENT_KEY }} + # - name: Test Vault Action (cubbyhole) + # uses: ./ + # with: + # url: https://localhost:8200 + # token: ${{ env.VAULT_TOKEN }} + # secrets: | + # /cubbyhole/test foo ; + # /cubbyhole/test zip | NAMED_CUBBYSECRET ; + # caCertificate: ${{ secrets.VAULTCA }} + # clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} + # clientKey: ${{ secrets.VAULT_CLIENT_KEY }} - - name: Verify Vault Action Outputs - run: npm run test:integration:e2e-tls - env: - OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} + # - name: Verify Vault Action Outputs + # run: npm run test:integration:e2e-tls + # env: + # OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} # Removing publish step for now. # publish: diff --git a/.github/workflows/local-test.yaml b/.github/workflows/local-test.yaml index 2603491..1c2c1ba 100644 --- a/.github/workflows/local-test.yaml +++ b/.github/workflows/local-test.yaml 
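Review bot: The new `Check Secrets` step expands `${{ steps.import-secrets.outputs.jsonStringMultiline }}` directly inside the `run:` script, so the value's own double quotes, `$` and backticks are interpreted by the shell instead of being written verbatim, and `multiline.json` will not hold what Vault returned. Pass the value through the environment instead: give the step `env: JSON_MULTILINE: ${{ steps.import-secrets.outputs.jsonStringMultiline }}` and write it with `printf '%s\n' "$JSON_MULTILINE" > multiline.json`. The same pattern appears four times in the `Check Secrets` step of `.github/workflows/local-test.yaml`. The following step also `cat`s the file into the job log, which is only tolerable while the value is a throwaway fixture. Separately, this hunk comments out every other e2e step and the whole `e2e-tls` job, so CI would stop exercising KV v1, cubbyhole and the TLS paths if it merged as is.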
@@ -1,24 +1,89 @@ # This is a sample workflow to help test contributions # Change the branch name, url and token to fit with your own environment -# Use 'on: push' instead of 'on: local-test' if you wish to run the test on github -# If running locally with act, run the workflow with 'act local-test' +# To run this locally with act use: +# act workflow_dispatch -j local-test +# +# If you have permissions, you can run this workflow via the GitHub UI. +# Otherwise, use 'on: push' instead of 'on: workflow_dispatch'. -# Don't forget to revert the file changes and invalidate any tokens that were committed before opening a pull-request -on: local-test +# Don't forget to revert the file changes and invalidate any tokens that were +# committed before opening a pull request. +on: workflow_dispatch name: local-test jobs: - build: + local-test: name: local-test runs-on: ubuntu-latest steps: - - name: Import Secrets - uses: hashicorp/vault-action@YOUR_BRANCH_NAME - with: - url: http://localhost:8200 - method: token - token: testtoken - secrets: | - secret/data/test secret | SAMPLE_SECRET; + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 + with: + node-version: '16.14.0' + + - name: NPM Install + run: npm ci + + - name: NPM Build + run: npm run build + + - name: Setup Vault + run: node ./integrationTests/e2e/setup.js + env: + VAULT_HOST: localhost + VAULT_PORT: 8200 + + - name: Import Secrets + id: import-secrets + # use the local changes + uses: ./ + # run against a specific version of vault-action + # uses: hashicorp/vault-action@v2.6.0 + # uses: hashicorp/vault-action@v2.1.1 + with: + url: http://localhost:8200 + method: token + token: testtoken + # secret/data/test-json-string jsonString; + # secret/data/test-json-big jsonBig; + # secret/data/test-json-string-big jsonStringBig; + secrets: | + secret/data/test-json-string jsonString; + secret/data/test-json-data 
jsonData; + secret/data/test-json-string-multiline jsonStringMultiline; + secret/data/singleline singleline; + + - name: Check Secrets + # echo "${{ steps.import-secrets.outputs.jsonBig }}" > big.json + # echo "${{ steps.import-secrets.outputs.jsonStringBig }}" > stringbig.json + run: | + echo "${{ steps.import-secrets.outputs.jsonString }}" > secrets.json + echo "${{ steps.import-secrets.outputs.jsonData }}" > data.json + echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json + echo "${{ steps.import-secrets.outputs.singleline }}" > singleline.json + + - name: Check json file format + # cat ~/Desktop/sa.json | vault kv put -mount=secret cat KEY=@/Users/jmf/Desktop/sa.json + run: | + # echo "secrets:" + # cat secrets.json + # jq -c . < secrets.json || true + + # echo "data:" + # cat data.json + # jq -c . < data.json || true + + echo "multiline:" + cat multiline.json + jq -c . < multiline.json || true + + # echo "singleline:" + # cat singleline.json + # jq -c . < singleline.json || true + + # - name: test parse + # run: | + # node ./scripts/parse.js "${{ steps.import-secrets.outputs.jsonStringMultiline }}" diff --git a/integrationTests/e2e/setup.js b/integrationTests/e2e/setup.js index 96f2295..8f4c938 100644 --- a/integrationTests/e2e/setup.js +++ b/integrationTests/e2e/setup.js @@ -3,6 +3,14 @@ const got = require('got'); const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`; const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.VAULT_TOKEN}` : "testtoken"; +const jsonStringMultiline = ` +{ + "x": 1, + "y": "q\nux" +} +`; + + (async () => { try { // Verify Connection 
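Review bot: In `Check json file format` the only live check is `jq -c . < multiline.json || true`, and the `|| true` makes the step succeed even when the output is not parseable, so this workflow cannot fail on the behaviour it was written to test. Drop the `|| true`, or compare the file against the expected document, once the fixture is settled. The commented-out `vault kv put` line under that step is a leftover from a local session and exposes a workstation home path. I would remove it, together with the other commented-out alternatives, before this lands in a sample workflow that contributors are told to copy.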
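Review bot: Inside the template literal, `"y": "q\nux"` is processed as a JavaScript escape, so the string sent to Vault contains a raw line feed inside a JSON string value; JSON requires control characters in strings to be escaped, and strict parsers such as `JSON.parse` reject that. If the fixture is meant to be valid multi-line JSON whose value carries an escaped newline, write `"y": "q\\nux"` or build it with `JSON.stringify({ x: 1, y: 'q\nux' }, null, 2)`. If the malformed form is deliberate, a comment saying so would help, because a downstream parse failure would otherwise be blamed on the action rather than on the fixture.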
@@ -36,6 +44,42 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V } }); + await got(`http://${vaultUrl}/v1/secret/data/test-json-string`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + data: { + jsonString: '{"x":1,"y":"qux"}', + }, + }, + }); + + await got(`http://${vaultUrl}/v1/secret/data/test-json-data`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + data: { + jsonData: {"x":1,"y":"qux"}, + }, + }, + }); + + await got(`http://${vaultUrl}/v1/secret/data/test-json-string-multiline`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + data: { + jsonStringMultiline, + }, + }, + }); + await got(`http://${vaultUrl}/v1/sys/mounts/my-secret`, { method: 'POST', headers: { diff --git a/src/action.js b/src/action.js index e193650..acc1d1c 100644 --- a/src/action.js +++ b/src/action.js @@ -107,7 +107,8 @@ async function exportSecrets() { for (const line of value.replace(/\r/g, '').split('\n')) { if (line.length > 0) { - core.setSecret(line); + // core.setSecret(line); + core.setOutput(line); } } if (exportEnv) { diff --git a/src/secrets.js b/src/secrets.js index 45b26e0..3174c42 100644 --- a/src/secrets.js +++ b/src/secrets.js @@ -41,7 +41,9 @@ async function getSecrets(secretRequests, client) { } catch (error) { const {response} = error; if (response?.statusCode === 404) { - throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`) + console.log(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`) + // throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`) + continue } throw error } @@ -89,4 +91,4 @@ async function selectData(data, selector) { module.exports = { getSecrets, selectData -} \ No newline at end of file +}
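Review bot: The three added `got` calls differ only in the secret path and the `data` payload, so the request options are now repeated three more times in this file. Listing the fixtures in one object and posting them in a loop keeps the test data in one place and makes it harder to forget the token header on a later fixture. The enclosing async function and its `try` start outside the hunk.

```javascript
// … unchanged: earlier secret/data writes …
const jsonFixtures = {
    'test-json-string': { jsonString: '{"x":1,"y":"qux"}' },
    'test-json-data': { jsonData: {"x":1,"y":"qux"} },
    'test-json-string-multiline': { jsonStringMultiline },
};

for (const [name, data] of Object.entries(jsonFixtures)) {
    await got(`http://${vaultUrl}/v1/secret/data/${name}`, {
        method: 'POST',
        headers: { 'X-Vault-Token': vaultToken },
        json: { data },
    });
}
// … unchanged: sys/mounts/my-secret setup …
```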
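Review bot: Replacing `core.setSecret(line)` with `core.setOutput(line)` removes the only call in this loop that registers each line of the secret for log masking, so any later step that prints the value shows it in clear text in the job log. `core.setOutput` also takes `(name, value)`, so this call uses the secret line itself as an output name with an undefined value. Keep `core.setSecret(line);` here; if masking is what breaks the multi-line JSON case, that needs a fix other than turning masking off. The rest of `exportSecrets` is outside the hunk.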
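Review bot: With the 404 branch changed from `throw Error(...)` to `console.log(...)` followed by `continue`, a missing or mistyped secret path no longer fails the action, and the job carries on with that secret unset. For an action whose job is to fetch secrets, this failure should stay loud: keep the `throw`, or make skipping an explicit opt-in input and report it as a warning annotation rather than a plain `console.log`. The message still echoes `response.body` into the log, as the thrown error did before. The enclosing loop and the `try` begin outside the hunk.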